PT-2018-1508 · Microsoft · Windows 7+3

Lucas Leong

Publicado

2018-08-14

Atualizado

2018-10-18

CVE-2018-8346

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Server 2008 Windows 7 Windows Server 2008 R2

Description A remote code execution issue exists in Microsoft Windows, related to the processing of .LNK files. This could allow remote code execution if a specially crafted .LNK file is processed. The vulnerability may be exploited by remote attackers to execute arbitrary code and affect the system.

Recommendations For Windows Server 2008, update to a version that includes the fix for this issue. For Windows 7, update to a version that includes the fix for this issue. For Windows Server 2008 R2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of .LNK files until a patch is available.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-64CWE-94

Identificadores relacionados

BDU:2018-01059

CVE-2018-8346

ZDI-18-940

Produtos afetados

Windows

Windows 7

Windows Server 2008

Windows Server 2008 R2

PT-2018-1508 · Microsoft · Windows 7+3

CVE-2018-8346

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10